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DETAILED ACTION 

A. Summary of Prosection: 

1. Applicant has provided amendment to claims 1, 7, 9-10, and 13. 

2. Claim 8 has been cancelled. 

3. Applicant has amended the figures and specification. 

4. Claims 1-7, 9-15 have been examined and rejected. THIS ACTION IS MADE FINAL. 

B. Objections to the Specification and Claims: 

Specification 

5. The title of the invention is not descriptive. A new title is required that is clearly indicative 
of the invention to which the claims are directed. Specifically, the title is currently directed to a 
family of devices. Examiner does not agree and will change the title if there comes a time for 
allowance of the instant invention. 

6. The amendment filed February 27, 2001 is objected to under 35 U.S.C. 132 because it 
introduces new matter into the disclosure. 35 U.S.C. 132 states that no amendment shall 
introduce new matter into the disclosure of the invention. The added material which is not 
supported by the original disclosure is as follows: all that is included within the amendments 
directed to both figures 8 and 9. 

Applicant is required to cancel the new matter in the reply to this Office action. 
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Drawings 

7_ The proposed drawing correction and/or the proposed substitute sheets of 

drawings, filed on February 27, 2001 have been disapproved because they introduce new matter 
into the drawings. 37 CFR 1.118 states that matter involving a departure from or an addition to 
the original disclosure cannot be added to the application after its filing date. The original 
disclosure does not support the subject matter as captioned within the flow charts and their 
relative implied functionality. 

C. Claim Interpretation and Definitions 

Preamble of the Claims 

8. The preamble of the claims presented for examination have not been given patentable 
weight. Appropriate weight is given to limitations recited in the body of the claim that are needed 
for the purpose of antecedence. "A mere statement of purpose or intended use in the preamble of 
a claim need not be considered in finding anticipation; however, it must be considered if the 
language of a preamble is necessary to give meaning to the claim" Diver sitech Corp. v. Century 
Steps, Inc., 7 USPQ2d 1315 (Fed Cir. 1988); In re Stencel, 4 USPQ2d 1071 (Fed Cir. 1987) 

Claim Interpretation 

9. Examiner has given the broadest reasonable interpretation to the Applicant's claim 
language. As such, Examiner is providing a number of terms as defined in the art and used to 
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interpret Applicant's claim language. Examiner is interpreting the following terms in light of the 
Applicant's specification and the well known definitions of the prior art teachings. An Applicant 
can be her own lexicographer. While applicant may be his or her own lexicographer, a term in a 
claim may not be given a meaning repugnant to the usual meaning of that term, In re Hill, 161 
F.2d 367, 73 USPQ 482 (CCPA 1947). Examiner has used Applicant's definitions and those 
which are well know and accepted meanings in the art to provide a basis for the relevance of 
specific rejected limitations in view of prior art know made of record. 

specification, limitations from the specification are not read into the claims. In re Van Guens, 
988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). 

Definitions 

Community : May be business, organization, association or any other type of grouping having a 
plurality of members. Applicant's specification. 

Member : Members may be persons, animals, objects or any other type of item of a community. 
Applicant's specification. 

Relationship: The state of being related or interrelated. The relation connecting or binding 
participants in a relationship. A state of affairs existing between those having relations or dealings. 
An association of information and/or data. Webster's Collegiate Dictionary, 10th ed. 
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Assignment: The act of being assigned. A position, post , or office to which one is assigned. A 
special task or amount of work assigned or undertaken as if assigned by authority. Transfer of 
property. Webster's Collegiate Dictionary, 10th ed 

Access Privileges : Access privileges may be automatically granted base on the relationship when 
a relationship table is interrogated by an application that may activate an assignment. The 
assignment is approved then activated. The relationship and assignment provide the basis for the 
access level or privilege level. Limited access privileges may be a subset of access privileges of the 
administrative manager. Privileges may be varied for administrative and/or work assignment 
managers. Privileges, relationships and assignments are stored Applicant's specification 

Manager : A person responsible for the actions of a member within a group. Mangers may have 
disparate access privileges based on their position to access member information. Managers can 
change their position in the organization(s). Access privileges can also change. Mangers have 
various levels of access to member information based on their position in an organization(s). 
Manger is a user with different levels of access than other users. Applicant 's specification, Well 
Known in the Art. 

Disparate access privileg es: Different relationships may provide the managers with disparate 
access privileges to records of members reporting to mangers. In a community a member may be 
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administratively assigned to a position of an organization A and be work assigned to an additional 
position of another organization B. The member is reporting to two different manages in two 
different organizations. Manager A has administrative responsibility for the member, while 
Manager B has work assignment responsibility. Manager A has a higher level of access to the 
member's information than the access level afforded Manager B. A manger is a user of the system 
with specific access privileges. Applicant's specification, Well Known in the Art. 

. D. CLAIM REJECTIONS -35 U.S.C. § 112 

Claim Rejections - 35 U.S.C. § 112 

1 0. The following is a quotation of the first paragraph of 35 U.S.C. § 112: 

The specification shall contain a written description of the invention, and of the manner 
and process of making and using it, in such full, clear, concise, and exact terms as to 
enable any person skilled in the art to which it pertains, or with which it is most nearly 
connected, to make and use the same and shall set forth the best mode contemplated by 
the inventor of carrying out his invention. 

11. Claims 1-19 are rejected under 35 U.S.C. § 1 12 3 first paragraph, as containing subject 
matter which was not described in the specification in such a way as to enable one skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and/or use the 
invention. Specifically, Applicant has not enabled "automatically providing.. .access privileges", as 
recited throughout claim 1, 7, 13, 16, 17, 18, and 19, within the teachings of the specification as 
filed. One of ordinary skill or the skilled artisan could not, with the teachings of Applicant's 
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invention, reduce to practice this aspect without undue experimentation. Dependant claims inherit 
this defect. 

The minimalist test for enablement is found within Applicants own specification. There is 
no teaching, only a broad accusation that it can perform this function. This is merely a neat 
concept without reduction or teaching of how to actually invoke an automatic system for enabling 
an access privilege. The skilled artisan or that person of ordinary skill level could not take the 
instant specification and reduce it to practice without actually inventing the system. As for the 
burden of proof it is shifted back to Applicant. There is no reasonable teaching within the 
specification as to how one could provide automatic access privileging. Automatically providing 
access privileges in a system such as Applicant is purposing is a tall bill to fill. If Applicant had 
reduced this to practice, perhaps they could provide an amount of coding to discharge their 
burden of showing that in fact they did have the invention in their hands at the time of the 
invention. 

The limited flow charting with almost no written description is not effective for providing 
a proper reduction to practice and would require one of ordinary skill in the art to perform undo 
experimentations to facilitate applicant's claimed invention. Automatically providing access 
privileges are subject matter which was not described in the specification in such a way as to 
reasonably convey to one skilled in the relevant art that the inventor(s), at the time the application 
was filed, had possession of the claimed invention. In re Cortright, 49 USPQ2d 1464 (Fed. Cir. 
1999); Gould v. Quigg 3 t USPQ2d 1302 (Fed. Cir. 1987); In re Gloss, 181 USPQ 31 (CCPA); 
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In re Swinehart, 169 USPQ 226 (CCPA 197 1); In re Wright, 9 USPQ2d 1649 (Fed. Cir. 1989); 
In reAngstadt, 190 USPQ 214(CCPA 1976); In re Mayhew, 527 F.2d 1229, 188 USPQ 356 
(CCPA 1976). 

F. FORMAL PRIOR ART REJECTION(s) and RESPONSES 

Response to Arguments 

12. Applicant's arguments filed February 27, 2001 have been fully considered. This response 
has been necessitated by Applicant's amendments and arguments. Applicant's arguments 
regarding the prior art of record are simply not persuasive. 

Specific Response to Arguments and Amendments 

13. The prior art explicitly teaches the user having multiple and disparate access privileges to 
data within an organization. Further, these privileges are changeable based on affiliations with the 
data and access need within the organization. The users, affiliations and access privileges can be 
grouped. Storage of the users information with disparate access privileges affiliated with work 
objects or data within an organization(s) seems to be what Applicant has claimed inventive. 

There appears to be only two distinctions that Applicant has raised over the prior art 
teachings. The first is that the prior art references do not teach "automatically" providing access 
privileges. This is an interesting approach since neither does Applicant's specification. However, 
in the case of trying to delineate a difference based solely on "automatic" verses "manual" there is 
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no patentable distinction between the them. In other words the mere automation of a manual 
process is not patentable by it self. Further, Applicant has not provided enablement for 
"automatically" providing access privileges. Second is the ability to assign members with multi- 
positions and the ability to reassign access rights. The prior art expressly teaches both these 
features. Neither of these issues provide any patentable distinction over the prior art teachings. 

MPEP explicitly states: "A prima facie case of unpatentability is established when the 
information compels a conclusion that a claim is unpatentable under the preponderance of 
evidence, burden-of-proof standard, giving each term in the claim its broadest reasonable 
construction consistent with the specification, and before any consideration is given to evidence 
which may be submitted in an attempt to establish a contrary conclusion of patentability" and "An 
application should not be allowed , unless and until issues pertinent to patentability have been 
raised and resolved in the course of examination and prosecution, since otherwise the resultant 
patent would not justify the statutory presumption of validity (35 U.S.C. 282), nor would it 
"strictly adhere" to the requirements laid down by Congress in the 1952 Act as interpreted by the 
Supreme Court. The standard to be applied in all cases is the "preponderance of the evidence" 
test. In other words, an examiner should reject a claim if, in view of the prior art and evidence of 
record, it is more likely than not that the claim is unpatentable " and "In rejecting claims for want 
of novelty or for obviousness, the examiner must cite the best references at his or her command. 
When a reference is complex or shows or describes inventions other than that claimed by the 
applicant, the particular part relied on must be designated as nearly as practicable. The pertinence 
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of each reference, if not apparent, must be clearly explained and each rejected claim specified" 
Examiner does not believe this application raises to the level of "complex" especially knowing the 
Assignee's relative level of experience in the field of computer access models. 

Anticipation is a question of fact. In re King, 801 F.2d 324, 231 USPQ 136 (Fed Cir. 
1986). The inquiry as to whether a reference anticipates a claim must focus on what subject 
matter is encompassed by the claim and what subject matter is described by the reference. As set 
forth by the court in Kalman v. Kimberly-Clark Corp. , 713 F2d 760, 218 USPQ 781, 789 
(Fed. Cir. 1983), cert, denied , 465 US. 1026 (1984), it is only necessary for the claims to " 
'read on' something disclosed in the reference, i.e., all limitations in the claim are found in the 
reference, or 'fully met 1 by it. "Where, as here, a reference describes a class of compositions, the 
reference must be analyzed to determine whether it describes a composition(s) with sufficient 
specificity to constitute an anticipation under the statute. See In re Schaumann 572 F.2d 312, 
197 USPQ 5 (CCPA 1978). (reciting from: Ex parte Lee, BPAI at 31 USPQ2d 1105) 

Examiner without any relevant evidence to the contrary had determined that the 
Applicant's claims pending in the instant case were and are not patentable nor allowable over the 
prior art made of record. Applicant was charged with the duty to rebut and provide evidence in 
the contrary of the Examiner's assertion of the prior art. 

Examiner further addresses Applicant's position regarding the multiple rejections directed 
to Claims 1-15. There is nothing precluding the assertion of multiple references against pending 
claims. In the instant case there were seven different references asserted. Examiner has made a 
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prima facie case regarding the patentability of Applicant's claims as filed. Note that the level of 
skill is presumed to be at least one of ordinary skill. Applicant is presumed to have at least this 
level of knowledge of the art. The rejection was intentionally structured to recite 'clearly 
anticipated'. No more explanation was required presuming that Applicant was at least ones of 
ordinary skill level in the art. However, the Examiner did provide a detailed listing of relevant 
citations for each reference to help direct the Applicant to understand the depth and scope of their 
individual teachings. 

As to the allegations of using a omnibus rejection, or piecemeal examination and use of a 
multiplicity of references, Examiner provides Applicant's representative with the following. Each 
claim is clearly anticipated by each and every reference asserted. On the face and with a minimal 
amount of diligence, Appellants' representative should have been able to ascertain the relevance 
of each and every reference. Examiner only provided a very small subset of all the references that 
anticipate (whether clearly or not) every claim as presented within Applicants' application. 

To restate the obvious "examiner is not called upon to cite all the references that may be 
available, but only the best.." Examiner used only a subset of the "best" references since they 
clearly anticipate all of Appellants' claimed limitations. Examiner did not cite "all the references 
that may be available", only five out of many more possible references. Specifically, Examiner did 
not cite any of the articles from a number of symposiums on role-based access or the military 
specifications that directly relate to the instant invention. A mere sampling of either family of 
specifications or articles would clearly anticipate all of the Appellants' independent claims and 
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many of their dependencies. The breath of which Appellants have drafted their claim language 
can be reasonably interpreted to be anticipated by many different publications and patents. 
Examiner provided only a reasonably small grouping of prior art that clearly anticipates both the 
instant invention and the claimed invention. 

Claim 1 , recites nothing more than providing a user with access to data based on stored 
affiliations with groupings for associated user privileges or access levels. This is nothing more 
than associating which data files a specific user has access privileges to, allowing this relationship 
to be reassigned and providing different levels of access to different data based on the associations 
between users and data. In simpler terms, a standard well known and off the shelf access privilege 
setting scheme that has been in existence for decades. A access control system based on users 
positions within an organization relationship to allowed data is within the scope of this claim. 

Examiner believes that Applicants are most probably attempting to cover "user-role" or 
"role-based" access control for a distributed system, however have fallen far short of actually 
claiming such an invention. Again, these systems are well known and are herewith asserted as 
prior art teachings of such systems. Examiner has provided a supporting reference to show what 
is designed into a functioning RBAC (role based access control) system. (Workshop Summary 
from the Proceedings of the First ACM Workshop on Role-Based Access Control, December 
1995, hereafter referred to as Workshop) 

Applicant is solving the same problem with the same technology in the same manner as the 
prior art. There is not an inventive step when all that is claimed is that which is well known and 



Application/Control Number: 08/920,433 FINAL 
Art Unit: 2123 



Page 13 



inherent in the art. Applicant's invention and Howell et al. perform the same functions and 
operations with the same equipment. This teachings provides for different settings of access 
privileges for users, members and groups with affiliations between the user and the object or data. 

Applicant has not provided any effective argument as to any patentable distinction, 
improvement or unexpected result that might occur over the prior art teachings when Applicant's 
method of providing different access privileges to different users based on affiliations than that 
which are built into the prior art teachings. Applicant appears to believe the novelty is within the 
ability of the system to store and change data relating to providing changeable access privileges to 
different users with varying levels of access. This is merely using the well known tool of the trade 
for its specific purpose. The courts have held that "A reference anticipates a claim if it discloses 
the claimed invention such that a skilled artisan could take its teachings in combination with his 
own knowledge of the particular art and be in possession of the invention.". In re Graves, 36 
USPQ2d 1697 (Fed, Cir. 1995); In re Sase, 207 USPQ 107 (CCPA 1980); In re Samour, 197 
USPQ 1 (CCPA 1978). 

Within the prior art teachings, the privilege levels of users, members, groups or manager 
users can be changed. A manager user can be afforded access rights a one level to one set of data 
and also be afforded different access rights to a second set of data. Users can be afforded different 
access levels to different data within different or the same system. In general Applicants are 
merely attempting to claim setting access privileges based on a business organizational chart. 
Applicants have vialed the standard multilevel group, membership and user access privilege 
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system in the cloak of business method. This is merely setting labels to specific users. A manger 
is a user with different levels of access relative to others in the organization. The ability to transfer 
access or membership is built into security systems. In fact, in general most systems do not want 
this feature available to the user so that data may be compartmented and secured. There can be 
afforded no patentable weight when the distinction is merely a label or specific use for a well 
known method, system, apparatus or processes. 

Applicant is reminded that a recitation of the intended use of the claimed invention must 
result in a structural difference between the claimed invention and the prior art in order to 
patentably distinguish the claimed invention from the prior art. If the prior art structure is capable 
of performing the intended use, then it meets the claim. In a claim drawn to a process of making, 
the intended use must result in a manipulative difference as compared to the prior art. In re 
Casey, 152 USPQ 235 (CCPA 1967); In re Otto, 136 USPQ 458, 459 (CCPA 1963). The 
components and their operations, as taught within the prior art teachings are functional 
equivalents, identical in operation and provide inherent operations that have an inevitable 
presence and are well known in the art. In re Bond, 15 USPQ2d 1566 (Fed. Cir. 1990), In re 
Robertson, 49 USPQ2d 1949 (Fed, Cir. 1999) 
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Claim Rejections - 35 U.S.C. §102 

14. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless -- 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or 
on sale in this country, more than one year prior to the date of application for patent in the United States. 

(e) the invention was described in a patent granted on an application for patent by another filed in the United 
States before the invention thereof by the applicant for patent, or on an international application by another who 
has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this title before the invention 
thereof by the applicant for patent. 

15. Claims 1-19 are rejected under 35 U.S.C. § 102(b) as being clearly anticipated by Rabitti 
et al. or Baldwin or Demurjian et al. or Abraham et al.(903) or Howell et al. et al. and rejected 
under 35 U.S.C. § 102(e) as being clearly anticipated by Deinhart et al. or Barkley. Workshop 
reference is provided to give support for the underlying design requirements for these role or user 
based access systems, and incorporated into this rejection. 

Talcing claim 1, for example, Rabitti et al. and Baldwin and Demurjian and Abraham et 
al.(903) and Deinhart et al. and Barkley and Howell et al. et al. disclose: 
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Rabitti et ah: Abstract, sections entitled: Instruction, 2.2 Intuitive Overview of the Basic 

Authorization Concepts, 3 Implication Rules, Figures 7-9 with related text, 3.3 Authorization 

Objects, 3.3.2 Association of Authorization Types with Authorization Objects, 3.3.4 Rules for 

Computing Implicit Strong Authorizations, 4 Implicit Authorizations for Object-Oriented and 

Semantic Modeling Concepts, 5 Implementation Considerations, 5.1 Role Lattice, 5.2 , 5.2.2 

Access Strategies 

Baldwin: Title, Abstract, Introduction, sections entitled: Groups Object Privileges and 

Individuals, page 1 19, Managing Changes to the Security Configuration, Aspects of security 

administration, page 120, pages 121-128 

Demurjian et a.: Title, Abstract, Figures 1-3, sections entitled: 1. Introduction and 

Motivation, 2.1 An Object-Oriented Design Model, 2.3 A User-Role Definition Hierarchy, 2.3 

Method Assignment, 3 T he URDH and Application Analysis, pages 198-202. 

Abraham et al.(903): Title, Abstract, Figures 2-15, Summary of the Invention, Detailed 

Description of Preferred Embo diments, col. 9, lines 25 et seq., col. 19, lines 8 et seq. 

Deinhart et ah: Title: Method and System for Advanced Role-Based Access control in 

Distributed and Centralized Computer Systems, Abstract, Figures 1, 2A-2C, 3A-3B, 5, 6 and 7, 

Description of Prior Art, Summary of the Invention, col. 6, lines 65 et seq., col. 7, lines 16 et 

seq., col. 8, lines 53 et seq, col. 9, lines 38 et seq. 
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Barkley: Title: Workflow Management Employing Role-Based Access Control, Abstract, 

Figure 1 (prior art) and 2, users 26, user ID 28, Subjects 20, roles 30, operations 32, 

Background of the Invention, Description of the Preferred Embodiments, col. 5, lines 55 et seq. 
Howell et al. et al.: Title, Abstract, Figures 2, 3, flow chart in figure 4, col. 2, lines 35 et seq., 

col. 4, lines 24 et seq., col. 5, lines 23 -55, col. 6, lines 17 et seq., allows for changes in user 

and group membership access within the organization. 

A method of providing access privileges to records of members of a community, 

comprising 

storing an assignment of a member of a community to a first position in the 
community to generate a first relationship; 

automatically providing a manager of the first position with access privileges to 
records of the member based on the first relationship; 

storing an additional assignment of the member to a second position in the community 
to generate a second relationship; and 

during pendency of the additional assignment, automatically providing a manager of 
the second position with disparate access privileges to records of the member based on the 
second relationship. 

As to claim 2, the method of Claim 1, wherein the manager of the second position has 
access privileges to records of the member is taught throughout Rabitti et al. and Baldwin and 
Demurjian and Abraham et al. (903) and Deinhart et al. and Barkley and Howell et al. et 
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al.(Rabitti et al.: Abstract, sections entitled: Instruction, 2.2 Intuitive Overview of the Basic 
Authorization Concepts, 3 Implication Rules, Figures 7-9 with related text, 3.3 Authorization 
Objects, 3.3.2 Association of Authorization Types with Authorization Objects, 3.3.4 Rules for 
Computing Implicit Strong Authorizations, 4 Implicit Authorizations for Object-Oriented and 
Semantic Modeling Concepts, 5 Implementation Considerations, 5.1 Role Lattice, 5.2 , 5.2.2 
Access Strategies; Baldwin: Title, Abstract, Introduction, sections entitled: Groups Object 
Privileges and Individuals, page 119, Managing Changes to the Security Configuration, Aspects 
of security administration, page 120, pages 121-128; Demurjian et a.: Title, Abstract, Figures 1- 
3, sections entitled: 1. Introduction and Motivation, 2.1 An Object-Oriented Design Model, 2.3 A 
User-Role Definition Hierarchy, 2.3 Method Assignment, 3 The URDH and Application Analysis, 
pages 198-202.; Abraham et al,(903): Title, Abstract, Figures 2-15, Summary of the Invention, 
Detailed Description of Preferred Embodiments, col. 9, lines 25 et seq., col. 19, lines 8 et seq.; 
Deinhart et al.: Title: Method and System for Advanced Role-Based Access control in 
Distributed and Centralized Computer Systems, Abstract, Figures 1, 2A-2C, 3A-3B, 5, 6 and 7, 
Description of Prior Art, Summary of the Invention, col. 6, lines 65 et seq., col. 7, lines 16 et seq., 
col. 8, lines 53 et seq, col. 9, lines 38 et seq.; Barkley: Title: Workflow Management Employing 
Role-Based Access Control, Abstract, Figure 1 (prior art) and 2, users 26, user ID 28, Subjects 
20, roles 30, operations 32, Background of the Invention, Description of the Preferred 
Embodiments, col. 5, lines 55 et seq.; Howell et al. et al.: Title, Abstract, Figures 2, 3, flow chart 
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in figure 4, col. 2, lines 35 et seq., col. 4, lines 24 et seq., col. 5 5 lines 23 -55, col. 6, lines 17 et 
seq., allows for changes in user and group membership access within the organization.^ 

As to claim 3, the method of Claim 1, wherein the manager of the first position has access 
privileges to administrative records of the member denied to the manager of the second position is 
taught throughout Rabitti et al. and Baldwin and Demurjian and Abraham et al. (903) and 
Deinhart et al. and Barkley and Howell et al. et al. (Rabitti et al.: Abstract, sections entitled: 
Instruction, 2.2 Intuitive Overview of the Basic Authorization Concepts, 3 Implication Rules, 
Figures 7-9 with related text, 3.3 Authorization Objects, 3.3.2 Association of Authorization 
Types with Authorization Objects, 3.3.4 Rules for Computing Implicit Strong Authorizations, 4 
Implicit Authorizations for Object-Oriented and Semantic Modeling Concepts, 5 Implementation 
Considerations, 5.1 Role Lattice, 5.2 , 5.2.2 Access Strategies; Baldwin: Title, Abstract, 
Introduction, sections entitled: Groups Object Privileges and Individuals, page 1 19, Managing 
Changes to the Security Configuration, Aspects of security administration, page 120, pages 121- 
128; Demurjian et a.: Title, Abstract, Figures 1-3, sections entitled: 1. Introduction and 
Motivation, 2.1 An Object-Oriented Design Model, 2.3 A User-Role Definition Hierarchy, 2.3 
Method Assignment, 3 The URDH and Application Analysis, pages 198-202.; Abraham et 
aL(903): Title, Abstract, Figures 2-15, Summary of the Invention, Detailed Description of 
Preferred Embodiments, col. 9, lines 25 et seq., col. 19, lines 8 et seq.; Deinhart et al.: Title: 
Method and System for Advanced Role-Based Access control in Distributed and Centralized 
Computer Systems, Abstract, Figures 1, 2A-2C, 3A-3B, 5, 6 and 7, Description of Prior Art, 
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Summary of the Invention, col. 6, lines 65 et seq., col. 7, lines 16 et seq., col. 8, lines 53 et seq, 
col. 9, lines 38 et seq.; Barkley: Title: Workflow Management Employing Role-Based Access 
Control, Abstract, Figure 1 (prior art) and 2, users 26, user ID 28, Subjects 20, roles 30, 
operations 32, Background of the Invention, Description of the Preferred Embodiments, col. 5, 
lines 55 et seq.; Howell et aL et ah: Title, Abstract, Figures 2, 3, flow chart in figure 4, col. 2, 
lines 35 et seq., col. 4, lines 24 et seq., col. 5, lines 23 -55, col. 6, lines 17 et seq., allows for 
changes in user and group membership access within the organization.) 

As to claim 4, the method of Claim 1, wherein the additional assignment comprises a tern 
work assignment is taught throughout Rabitti et al. and Baldwin and Demurjian and Abraham et 
al. (903) and Deinhart et al. and Barkley and Howell et al. et al.(Rabitti et al.: Abstract, sections 
entitled: Instruction, 2.2 Intuitive Overview of the Basic Authorization Concepts, 3 Implication 
Rules, Figures 7-9 with related text, 3.3 Authorization Objects, 3.3.2 Association of 
Authorization Types with Authorization Objects, 3.3.4 Rules for Computing Implicit Strong 
Authorizations, 4 Implicit Authorizations for Object-Oriented and Semantic Modeling Concepts, 
5 Implementation Considerations, 5.1 Role Lattice, 5.2 , 5.2.2 Access Strategies; Baldwin: Title, 
Abstract, Introduction, sections entitled: Groups Object Privileges and Individuals, page 1 19, 
Managing Changes to the Security Configuration, Aspects of security administration, page 120, 
pages 121-128; Demurjian et a.: Title, Abstract, Figures 1-3, sections entitled: 1. Introduction 
and Motivation, 2.1 An Object-Oriented Design Model, 2.3 A User-Role Definition Hierarchy, 
2.3 Method Assignment, 3 The URDH and Application Analysis, pages 198-202.; Abraham et 
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al.(903): Title, Abstract, Figures 2-15, Summary of the Invention, Detailed Description of 
Preferred Embodiments, col. 9, lines 25 et seq., col. 19, lines 8 et seq.; Deinhart et al.: Title: 
Method and System for Advanced Role-Based Access control in Distributed and Centralized 
Computer Systems, Abstract, Figures 1, 2A-2C, 3A-3B, 5, 6 and 7, Description of Prior Art, 
Summary of the Invention, col. 6, lines 65 et seq., col. 7, lines 16 et seq., col. 8, lines 53 et seq, 
col. 9, lines 38 et seq.; Barkley: Title: Workflow Management Employing Role-Based Access 
Control, Abstract, Figure 1 (prior art) and 2, users 26, user ID 28, Subjects 20, roles 30, 
operations 32, Background of the Invention, Description of the Preferred Embodiments, col. 5, 
lines 55 et seq.; Howell et al. et al.: Title, Abstract, Figures 2, 3, flow chart in figure 4, col. 2, 
lines 35 et seq., col. 4, lines 24 et seq., col. 5, lines 23 -55, col. 6, lines 17 et seq., allows for 
changes in user and group membership access within the organization.,) 

As to claim 5, the method of Claim 1, wherein the community comprises a business 
member comprises an employee of the business is taught throughout Rabitti et al. and Baldwin 
and Demurjian and Abraham et al. (903) and Deinhart et al. and Barkley and Caruso et al (Rabitti 
et al.: Abstract, sections entitled: Instruction, 2.2 Intuitive Overview of the Basic Authorization 
Concepts, 3 Implication Rules, Figures 7-9 with related text, 3.3 Authorization Objects, 3.3.2 
Association of Authorization Types with Authorization Objects, 3.3.4 Rules for Computing 
Implicit Strong Authorizations, 4 Implicit Authorizations for Object-Oriented and Semantic 
Modeling Concepts, 5 Implementation Considerations, 5.1 Role Lattice, 5.2 , 5.2.2 Access 
Strategies; Baldwin: Title, Abstract, Introduction, sections entitled: Groups Object Privileges and 
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Individuals, page 1 19, Managing Changes to the Security Configuration, Aspects of security 
administration, page 120, pages 121-128; Demurjian et a.: Title, Abstract, Figures 1-3, sections 
entitled: 1. Introduction and Motivation, 2.1 An Object-Oriented Design Model, 2.3 A User-Role 
Definition Hierarchy, 2.3 Method Assignment, 3 The URDH and Application Analysis, pages 
198-202.; Abraham et al.(903): Title, Abstract, Figures 2-15, Summary of the Invention, 
Detailed Description of Preferred Embodiments, col. 9, lines 25 et seq., col. 19, lines 8 et seq.; 
Deinhart et al.: Title: Method and System for Advanced Role-Based Access control in 
Distributed and Centralized Computer Systems, Abstract, Figures 1, 2A-2C, 3A-3B, 5, 6 and 7, 
Description of Prior Art, Summary of the Invention, col. 6, lines 65 et seq., col. 7, lines 16 et seq., 
col. 8, lines 53 et seq, col. 9, lines 38 et seq.; Barkley: Title: Workflow Management Employing 
Role-Based Access Control, Abstract, Figure 1 (prior art) and 2, users 26, user ID 28, Subjects 
20, roles 30, operations 32, Background of the Invention, Description of the Preferred 
Embodiments, col. 5, lines 55 et seq.; Howell et al. et ah: Title, Abstract, Figures 2, 3, flow chart 
in figure 4, col. 2, lines 35 et seq., col. 4, lines 24 et seq., col. 5, lines 23 -55, col. 6, lines 17 et 
seq., allows for changes in user and group membership access within the organization.^ 

As to claim 6, the method of Claim 1 , wherein the records comprise personnel records of 
the member is taught throughout Rabitti et al. and Baldwin and Demurjian and Abraham et al. 
(903) and Deinhart et al. and Barkley and Howell et al. et aL(Rabitti et al.: Abstract, sections 
entitled: Instruction, 2.2 Intuitive Overview of the Basic Authorization Concepts, 3 Implication 
Rules, Figures 7-9 with related text, 3.3 Authorization Objects, 3.3.2 Association of 
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Authorization Types with Authorization Objects, 3.3.4 Rules for Computing Implicit Strong 
Authorizations, 4 Implicit Authorizations for Object-Oriented and Semantic Modeling Concepts, 
5 Implementation Considerations, 5.1 Role Lattice, 5.2 , 5.2.2 Access Strategies; Baldwin: Title, 
Abstract, Introduction, sections entitled: Groups Object Privileges and Individuals, page 1 19, 
Managing Changes to the Security Configuration, Aspects of security administration, page 120, 
pages 121-128; Demurjian et a.: Title, Abstract, Figures 1-3, sections entitled: 1. Introduction 
and Motivation, 2.1 An Object-Oriented Design Model, 2.3 A User-Role Definition Hierarchy, 
2.3 Method Assignment, 3 The URDH and Application Analysis, pages 198-202.; Abraham et 
al.(903): Title, Abstract, Figures 2-15, Summary of the Invention, Detailed Description of 
Preferred Embodiments, col. 9, lines 25 et seq., col. 19, lines 8 et seq.; Deinhart et aL: Title: 
Method and System for Advanced Role-Based Access control in Distributed and Centralized 
Computer Systems, Abstract, Figures 1, 2A-2C, 3A-3B, 5, 6 and 7, Description of Prior Art, 
Summary of the Invention, col. 6, lines 65 et seq., col. 7, lines 16 et seq., col. 8, lines 53 et seq, 
col. 9, lines 38 et seq.; Barkley: Title: Workflow Management Employing Role-Based Access 
Control, Abstract, Figure 1 (prior art) and 2, users 26, user ID 28, Subjects 20, roles 30, 
operations 32, Background of the Invention, Description of the Preferred Embodiments, col. 5, 
lines 55 et seq.; Howell et al. et al.: Title, Abstract, Figures 2, 3, flow chart in figure 4, col. 2, 
lines 35 et seq., col. 4, lines 24 et seq., col. 5, lines 23 -55, col. 6, lines 17 et seq., allows for 
changes in user and group membership access within the organization.,) 
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Claims 7, 9-19 are rejected based on the same reasoning as claims 1-6, supra. Claims 7, 
9-19 claim the same limitations as claims 1-6 and taught throughout Rabitti et al. and Baldwin and 
Demurjian and Abraham et al. (903) and Deinhart et al. and Barkley and Howell et al. et al. 
(Rabitti et al.: Abstract, sections entitled: Instruction, 2.2 Intuitive Overview of the Basic 
Authorization Concepts, 3 Implication Rules, Figures 7-9 with related text, 3.3 Authorization 
Objects, 3.3.2 Association of Authorization Types with Authorization Objects, 3.3.4 Rules for 
Computing Implicit Strong Authorizations, 4 Implicit Authorizations for Object-Oriented and 
Semantic Modeling Concepts, 5 Implementation Considerations, 5.1 Role Lattice, 5.2 , 5.2.2 
Access Strategies; Baldwin: Title, Abstract, Introduction, sections entitled: Groups Object 
Privileges and Individuals, page 1 19, Managing Changes to the Security Configuration, Aspects 
of security administration, page 120, pages 121-128; Demurjian et a.: Title, Abstract, Figures 1- 
3, sections entitled: 1. Introduction and Motivation, 2.1 An Object-Oriented Design Model, 2.3 A 
User-Role Definition Hierarchy, 2.3 Method Assignment, 3 The URDH and Application Analysis, 
pages 198-202.; Abraham et al.(903): Title, Abstract, Figures 2-15, Summary of the Invention, 
Detailed Description of Preferred Embodiments, col. 9, lines 25 et seq., col. 19, lines 8 et seq.; 
Deinhart et aL: Title: Method and System for Advanced Role-Based Access control in 
Distributed and Centralized Computer Systems, Abstract, Figures 1, 2A-2C, 3A-3B, 5, 6 and 7, 
Description of Prior Art, Summary of the Invention, col. 6, lines 65 et seq., col. 7, lines 16 et seq., 
col. 8, lines 53 et seq, col. 9, lines 38 et seq.; Barkley: Title: Workflow Management Employing 
Role-Based Access Control, Abstract, Figure 1 (prior art) and 2, users 26, user ID 28, Subjects 
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20, roles 30, operations 32, Background of the Invention, Description of the Preferred 
Embodiments, col. 5, lines 55 et seq.; Howell et al. et al.: Title, Abstract, Figures 2, 3, flow chart 
in figure 4, col. 2, lines 35 et seq., col. 4, lines 24 et seq., col. 5, lines 23 -55, col. 6, lines 17 et 
seq., allows for changes in user and group membership access within the organization.) 

Conclusion 

16. The prior art made of record and not relied upon is considered pertinent to Applicant's 
disclosure is listed on the attached PTO 892, careful consideration should be given prior to 
Applicant's response to this Office Action. 

1 7. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy 
as set forth in 37 C.F.R. § 1.136(a) 

A SHORTENED STATUTORY PERIOD FOR RESPONSE TO THIS FINAL ACTION 
IS SET TO EXPIRE THREE MONTHS FROM THE DATE OF THIS ACTION. IN THE 
EVENT A FIRST RESPONSE IS FILED WITHIN TWO MONTHS OF THE MAILING DATE 
OF THIS FINAL ACTION AND THE ADVISORY ACTION IS NOT MAILED UNTIL 
AFTER THE END OF THE THREE-MONTH SHORTENED STATUTORY PERIOD, THEN 
THE SHORTENED PERIOD WILL EXPIRE ON THE DATE THE ADVISORY ACTION IS 
MAILED, AND ANY EXTENSION FEE PURSUANT TO 37 C.F.R. § 1.136(a) WILL BE 
CALCULATED FROM THE MAILING DATE OF THE ADVISORY ACTION. IN NO 
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EVENT WILL THE STATUTORY PERIOD FOR RESPONSE EXPIRE LATER THAN SIX 
MONTHS FROM THE DATE OF THIS FINAL ACTION. 



1 8. Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to William Thomson whose telephone number is (703) 305-0022. The 
examiner can be usually reached between 9:30 a.m. - 4:00 p.m. Monday thru Friday. Voice mail is 
checked throughout the day. Please leave a detailed message. 



If attempts to reach the Examiner by telephone are unsuccessful, the Examiner's 
supervisor, Mr. Kevin Teska, can be reached on 704-305-9704. The fax phone number for this 
Group is 703-308-1396. 

Any inquiry of a general nature or relating to the status of this application should be 
directed to the Group receptionist whose telephone number is 703-305-3900. 
William D. Thomson 



Patent Examiner 
A.U.2123 
May 19, 2001 




